Modern vehicles such as cars and trucks typically use many networked electronic devices ranging from simple sensors generating various feedback signal messages to more complicated Electronic Control Units (ECUs) consisting of microcontrollers and microcomputers for control of vehicle systems and operations, to support communication between the vehicle and systems external to the vehicle, and provide applications to users. Security capabilities are important to these devices for protection of in-vehicle message integrity and confidentiality, protection against message reply attacks, and for device authentication. These same security capabilities are also important when in-vehicle devices are communicating with an authenticated server external to the vehicle such as for example external diagnostic equipment, brought-in devices, and remote telemetry systems. The original devices on a vehicle are very often authenticated or assumed to be authentic during device or vehicle manufacturing process. However, no provisions are made for further device authentication or for further security key derivation or distribution to be performed after the vehicle leaves the manufacturing plant.
In-vehicle device authentication systems that support widely diverse in-vehicle devices over heterogeneous networks are unavailable. For example, since Controller Area Network (CAN) buses do not provide device authentication mechanisms, application-layer authentication mechanisms such as the seed-key method have been used to control access to ECU firmware from external diagnostic tools for ECU firmware updates. These application-layer authentication mechanisms, however, cannot support authentication of all types of in-vehicle networks, especially devices that only send but not receive data (e.g., sensors) and devices that are incapable of performing sophisticated cryptographic operations. Various authentication tools for in-vehicle Ethernet networks are limited to supporting device authentication at the Ethernet MAC layer. Therefore, the application layer and network-specific authentication and security key generation and distribution protocols are unable to provide for authentication of in-vehicle electronic devices having varying different communication and processing capabilities.